Information disclosure in Cisco Unified Communications Manager
CVE-2016-6364
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
Vulnerability class: Information Disclosure
EPSS: 0.007 (percentile 73.2)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Cisco Unified Communications Manager: versions 11.5.0
References
- BID 92517 (Third Party Advisory, VDB Entry)
- SECTRACK 1036650 (Third Party Advisory, VDB Entry)
- Cisco 20160817: Cisco Unified Communications Manager Information Disclosure Vulnerability (Vendor Advisory)
Frequently asked questions
- What is CVE-2016-6364?
  CVE-2016-6364 is a high-severity vulnerability in Cisco Unified Communications Manager, classified under Information Disclosure. CVSS score: 7.5/10. Published 2016-08-23.
- How severe is CVE-2016-6364?
  High severity. CVSS v3 base score is 7.5 out of 10.